using IdentityModel;
using IdentityServer4.Models;
using System.Collections.Generic;

namespace Idp_Login
{
    public partial class Config
    {
        /// <summary>
        /// 定义API资源 可以理解成资源服务器的别名
        /// 比如 order 服务(站点) 我可以定义为 order API资源.
        /// 那 访问order 服务(站点)时,我需要有 order API资源的访问权限(这个在client中配置)
        /// </summary>
        /// <returns></returns>
        public static IEnumerable<ApiScope> GetApiScopes()
        {
            //注: 当 ApiScope 的第三个参数 claimTypes 为null 或 count ==0 时,
            //CustomProfileService 类 的 context.RequestedClaimTypes.Any() /*有请求Claim信息*/   这里就为false 

            //可访问的API资源(资源名，资源描述,这个资源需要的claims)
            var apis = new List<ApiScope>();
            apis.AddRange(Config_ApiScopes_Demo.GetApiScopes());

            //基于角色的控制 
            //https://www.cnblogs.com/stulzq/p/8726002.html  
            // simple API with a single scope (in this case the scope name is the same as the api name)

            apis.Add(new ApiScope("api1", "Some API 1", new List<string>() { 
                        JwtClaimTypes.Role 
                    })
                );

            apis.Add(new ApiScope("api3", "Some API 3"));
            apis.Add(new ApiScope("good", "good Service"));
            apis.Add(new ApiScope("order", "order Service"));
            apis.Add(new ApiScope("UserApi", "用户获取API", new List<string>() {
                        IdentityModel.JwtClaimTypes.Role,
                        "eMail"
                    })
                );

            // expanded version if more control is needed
            apis.Add(new ApiScope
            {
                Name = "api2",
                DisplayName = "api2.DisplayName",
                // include the following using claims in access token (in addition to subject id)
                UserClaims = { JwtClaimTypes.Name, JwtClaimTypes.Email },
            });

            apis.Add(new ApiScope("api2.full_access", "Full access to API 2"));
            apis.Add(new ApiScope("api2.read_only", "Read only access to API 2"));

            return apis;
        }
    }
}
